// Handle Additions, removals, approvals and denials if (!empty($_POST['add']) || !empty($_POST['remove']) || isset($_POST['approve']) || isset($_POST['deny']) || isset($_POST['mass_colorize'])) { if (!$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=groupcp.' . PHP_EXT . '&' . POST_GROUPS_URL . '=' . $group_id, true)); } elseif ($sid !== $user->data['session_id']) { message_die(GENERAL_ERROR, $lang['Session_invalid']); } if (!$is_moderator) { $redirect_url = append_sid(CMS_PAGE_FORUM); meta_refresh(3, $redirect_url); $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } if (isset($_POST['add'])) { $username = isset($_POST['username']) ? phpbb_clean_username($_POST['username']) : ''; $sql = get_users_sql($username, false, true, true, false); $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) { $redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id); meta_refresh(3, $redirect_url); $message = $lang['Could_not_add_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $row['user_level'] = $row['user_level'] == JUNIOR_ADMIN ? ADMIN : $row['user_level']; if ($row['user_id'] == ANONYMOUS) { $redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id); meta_refresh(3, $redirect_url); $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . 
append_sid(CMS_PAGE_FORUM) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $sql = "SELECT ug.user_id, u.user_level, u.group_id, u.user_color, u.user_rank\n\t\t\t\t\tFROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u\n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . "\n\t\t\t\t\t\tAND ug.user_id = u.user_id\n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
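/**
 * Download-database search: runs a new search, or re-displays a stored one, then renders
 * either the result list (pa_search_result.tpl) or the search form (pa_search_body.tpl).
 *
 * Flow, as implemented below:
 *  1. Refuse access unless auth_global['auth_search'] is set (guests are sent to login).
 *  2. Read and normalise the request parameters (sort column and direction go through
 *     check_var_value() against fixed lists, numeric values are requested as integers).
 *  3. New search: collect matching file ids by author and/or keywords, keep only the ones
 *     in categories the user may view, and store the id list in SEARCH_TABLE for the
 *     current session under a fresh search_id.
 *  4. Paging (search_id only): reload the stored data for this session.
 *  5. Fetch and display the requested page of results.
 *
 * Changes compared with the previous revision:
 *  - The store/restore loops used ${$store_vars}[$i], which indexes a variable named after
 *    the string cast of the array instead of the variable named by element $i, so stored
 *    searches were never saved or restored properly. They now use ${$store_vars[$i]}.
 *  - The LIKE pattern is escaped with $db->sql_escape() (as every other string placed in
 *    SQL in this method is) instead of addslashes().
 *  - split() and each() are replaced by explode() and foreach.
 *  - The restored id list is re-normalised to integers before it is placed in SQL.
 *  - The explicit microtime() reseed of the Mersenne Twister is dropped.
 *
 * @param mixed $action not read by this method
 */
function main($action)
{
	global $template, $lang, $config, $pafiledb_config, $db, $images, $user;

	if (!$this->auth_global['auth_search']) {
		if (!$user->data['session_logged_in']) {
			redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=dload.' . PHP_EXT . '&action=stats', true));
		}
		$message = sprintf($lang['Sorry_auth_search'], $this->auth_global['auth_search_type']);
		message_die(GENERAL_MESSAGE, $message);
	}

	include IP_ROOT_PATH . 'includes/functions_search.' . PHP_EXT;

	$search_keywords = request_var('search_keywords', '', true);
	$search_keywords = htmlspecialchars_decode($search_keywords, ENT_COMPAT);
	$search_author = request_var('search_author', '', true);
	$search_author = htmlspecialchars_decode($search_author, ENT_COMPAT);
	$search_id = request_var('search_id', 0);
	$search_terms = request_var('search_terms', '');
	$search_terms = $search_terms == 'all' ? 1 : 0;
	$cat_id = request_var('cat_id', 0);
	$comments_search = request_var('comments_search', '');
	$comments_search = $comments_search == 'YES' ? 1 : 0;
	$start = request_var('start', 0);
	$start = $start < 0 ? 0 : $start;

	// ORDER BY column and direction are interpolated into SQL further down, so both are
	// restricted to fixed lists here.
	$sort_method = request_var('sort_method', $pafiledb_config['sort_method']);
	$sort_method = check_var_value($sort_method, array('file_name', 'file_time', 'file_dls', 'file_rating', 'file_update_time'));
	$sort_method = $sort_method == 'file_rating' ? 'rating' : $sort_method;
	$sort_order = request_var('order', $pafiledb_config['sort_order']);
	$sort_order = check_var_value($sort_order, array('DESC', 'ASC'));
	$limit_sql = $start == 0 ? $pafiledb_config['settings_file_page'] : $start . ',' . $pafiledb_config['settings_file_page'];

	// Both template blocks below read $xs_new; give it a value even when no result row sets it.
	$xs_new = '';

	// encoding match for workaround
	$multibyte_charset = 'utf-8, big5, shift_jis, euc-kr, gb2312';

	if (isset($_POST['submit']) || $search_author != '' || $search_keywords != '' || $search_id) {
		$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_method', 'sort_order');

		if ($search_author != '' || $search_keywords != '') {
			if ($search_author != '' && $search_keywords == '') {
				$search_author = str_replace('*', '%', trim($search_author));
				// NOTE(review): unlike the LIKE clause built further down, the author pattern reaches
				// get_users_sql() without $db->sql_escape() — confirm that get_users_sql() escapes
				// its first argument for this flag combination.
				$sql = get_users_sql($search_author, true, false, true, false);
				$result = $db->sql_query($sql);

				$matching_userids = '';
				if ($row = $db->sql_fetchrow($result)) {
					do {
						$matching_userids .= ($matching_userids != '' ? ', ' : '') . $row['user_id'];
					} while ($row = $db->sql_fetchrow($result));
				} else {
					message_die(GENERAL_MESSAGE, $lang['No_search_match']);
				}

				$sql = "SELECT *\n\t\t\t\t\t\tFROM " . PA_FILES_TABLE . "\n\t\t\t\t\t\tWHERE user_id IN ({$matching_userids})";
				$result = $db->sql_query($sql);

				// Only files in categories the current user may view are kept.
				$search_ids = array();
				while ($row = $db->sql_fetchrow($result)) {
					if ($this->auth[$row['file_catid']]['auth_view']) {
						$search_ids[] = $row['file_id'];
					}
				}
				$db->sql_freeresult($result);
				$total_match_count = count($search_ids);
			} elseif ($search_keywords != '') {
				stopwords_synonyms_init();

				// NOTE(review): $stopwords_array and $synonyms_array are not assigned in this method
				// and are not in the global list; unless the include above defines them they are
				// passed as null — confirm.
				// explode() replaces split(): the delimiter is a literal space, so the result is the same.
				$split_search = !strstr($multibyte_charset, $lang['ENCODING'])
					? split_words(clean_words('search', stripslashes($search_keywords), $stopwords_array, $synonyms_array), 'search')
					: explode(' ', $search_keywords);

				$word_count = 0;
				$current_match_type = 'or';
				$result_list = array();

				for ($i = 0; $i < count($split_search); $i++) {
					switch ($split_search[$i]) {
						case 'and':
							$current_match_type = 'and';
							break;

						case 'or':
							$current_match_type = 'or';
							break;

						case 'not':
							$current_match_type = 'not';
							break;

						default:
							if (!empty($search_terms)) {
								$current_match_type = 'and';
							}

							// The word comes from the request: escape it with the database layer's own
							// routine before it is placed between quotes in the LIKE clauses.
							$match_word = $db->sql_escape('%' . str_replace('*', '', $split_search[$i]) . '%');

							$sql = "SELECT file_id\n\t\t\t\t\t\t\t\t\tFROM " . PA_FILES_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE (file_name LIKE '{$match_word}'\n\t\t\t\t\t\t\t\t\tOR file_creator LIKE '{$match_word}'\n\t\t\t\t\t\t\t\t\tOR file_desc LIKE '{$match_word}'\n\t\t\t\t\t\t\t\t\tOR file_longdesc LIKE '{$match_word}')";
							$result = $db->sql_query($sql);

							$row = array();
							while ($temp_row = $db->sql_fetchrow($result)) {
								$row[$temp_row['file_id']] = 1;
								if (!$word_count) {
									$result_list[$temp_row['file_id']] = 1;
								} elseif ($current_match_type == 'or') {
									$result_list[$temp_row['file_id']] = 1;
								} elseif ($current_match_type == 'not') {
									$result_list[$temp_row['file_id']] = 0;
								}
							}

							// "and": drop every earlier hit that this word did not match as well.
							if ($current_match_type == 'and' && $word_count) {
								foreach ($result_list as $file_id => $match_count) {
									if (empty($row[$file_id])) {
										$result_list[$file_id] = 0;
									}
								}
							}

							if ($comments_search) {
								$sql = "SELECT file_id\n\t\t\t\t\t\t\t\t\tFROM " . PA_COMMENTS_TABLE . "\n\t\t\t\t\t\t\t\t\tWHERE (comments_title LIKE '{$match_word}'\n\t\t\t\t\t\t\t\t\tOR comments_text LIKE '{$match_word}')";
								$result = $db->sql_query($sql);

								$row = array();
								while ($temp_row = $db->sql_fetchrow($result)) {
									$row[$temp_row['file_id']] = 1;
									if (!$word_count) {
										$result_list[$temp_row['file_id']] = 1;
									} elseif ($current_match_type == 'or') {
										$result_list[$temp_row['file_id']] = 1;
									} elseif ($current_match_type == 'not') {
										$result_list[$temp_row['file_id']] = 0;
									}
								}

								if ($current_match_type == 'and' && $word_count) {
									foreach ($result_list as $file_id => $match_count) {
										if (empty($row[$file_id])) {
											$result_list[$file_id] = 0;
										}
									}
								}
							}

							$word_count++;
							$db->sql_freeresult($result);
					}
				}

				$search_ids = array();
				foreach ($result_list as $file_id => $matches) {
					if ($matches) {
						$search_ids[] = $file_id;
					}
				}
				unset($result_list);
				$total_match_count = count($search_ids);
			}

			// Author name search
			if ($search_author != '') {
				$search_author = str_replace('*', '%', trim($db->sql_escape($search_author)));
			}

			if ($total_match_count) {
				$where_sql = $cat_id ? 'AND file_catid IN (' . $this->gen_cat_ids($cat_id, '') . ')' : '';

				if ($search_author == '') {
					$sql = "SELECT file_id, file_catid\n\t\t\t\t\t\t\tFROM " . PA_FILES_TABLE . "\n\t\t\t\t\t\t\tWHERE file_id IN (" . implode(", ", $search_ids) . ")\n\t\t\t\t\t\t\t\t{$where_sql}\n\t\t\t\t\t\t\tGROUP BY file_id";
				} else {
					$from_sql = PA_FILES_TABLE . " f";
					if ($search_author != '') {
						$from_sql .= ", " . USERS_TABLE . " u";
						$where_sql .= " AND u.user_id = f.user_id AND u.username LIKE '{$search_author}' ";
					}
					$where_sql .= $cat_id ? 'AND file_catid IN (' . $this->gen_cat_ids($cat_id, '') . ')' : '';

					$sql = "SELECT f.file_id, f.file_catid\n\t\t\t\t\t\t\tFROM {$from_sql}\n\t\t\t\t\t\t\tWHERE f.file_id IN (" . implode(", ", $search_ids) . ")\n\t\t\t\t\t\t\t{$where_sql}\n\t\t\t\t\t\t\tGROUP BY f.file_id";
				}
				$result = $db->sql_query($sql);

				// Re-apply the per-category view permission to the narrowed list.
				$search_ids = array();
				while ($row = $db->sql_fetchrow($result)) {
					if ($this->auth[$row['file_catid']]['auth_view']) {
						$search_ids[] = $row['file_id'];
					}
				}
				$db->sql_freeresult($result);
				$total_match_count = count($search_ids);
			} else {
				message_die(GENERAL_MESSAGE, $lang['No_search_match']);
			}

			//
			// Finish building query (for all combinations)
			// and run it ...
			//
			// NOTE(review): $current_time is not assigned in this method and is not in the global
			// list; unless the include above defines it, this evaluates as 0 - session_length and
			// the session filter below matches every row — confirm whether time() was intended.
			$expiry_time = $current_time - $config['session_length'];

			$sql = "SELECT session_id\n\t\t\t\t\tFROM " . SESSIONS_TABLE . "\n\t\t\t\t\tWHERE session_time > {$expiry_time}";
			$db->sql_return_on_error(true);
			$result = $db->sql_query($sql);
			$db->sql_return_on_error(false);

			if ($result) {
				// Purge stored searches whose session is no longer among the selected ones.
				$delete_search_ids = array();
				while ($row = $db->sql_fetchrow($result)) {
					$delete_search_ids[] = "'" . $row['session_id'] . "'";
				}

				if (count($delete_search_ids)) {
					$sql = "DELETE FROM " . SEARCH_TABLE . "\n\t\t\t\t\t\t\tWHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
					$result = $db->sql_query($sql);
				}
			}

			// Store new result data
			$search_results = implode(', ', $search_ids);

			$store_search_data = array();
			for ($i = 0; $i < count($store_vars); $i++) {
				// ${$store_vars[$i]} is the local variable NAMED by element $i of the fixed list above.
				$store_search_data[$store_vars[$i]] = isset(${$store_vars[$i]}) ? ${$store_vars[$i]} : null;
			}
			$result_array = serialize($store_search_data);
			unset($store_search_data);

			// search_id is a handle, not a secret: the lookup below is also bound to the session id.
			// The generator is no longer reseeded from microtime() before drawing it.
			$search_id = mt_rand();

			$sql = "UPDATE " . SEARCH_TABLE . "\n\t\t\t\t\tSET search_id = {$search_id}, search_array = '" . $db->sql_escape($result_array) . "'\n\t\t\t\t\tWHERE session_id = '" . $user->data['session_id'] . "'";
			$db->sql_return_on_error(true);
			$result = $db->sql_query($sql);
			$db->sql_return_on_error(false);

			if (!$result || !$db->sql_affectedrows()) {
				$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)\n\t\t\t\t\t\tVALUES({$search_id}, '" . $user->data['session_id'] . "', '" . $db->sql_escape($result_array) . "')";
				$result = $db->sql_query($sql);
			}
		} else {
			$search_id = intval($search_id);
			if ($search_id) {
				$sql = "SELECT search_array\n\t\t\t\t\t\tFROM " . SEARCH_TABLE . "\n\t\t\t\t\t\tWHERE search_id = {$search_id}\n\t\t\t\t\t\tAND session_id = '" . $user->data['session_id'] . "'";
				$result = $db->sql_query($sql);

				if ($row = $db->sql_fetchrow($result)) {
					// SECURITY: unserialize() is applied to a database column. The only writer visible
					// here is the serialize() call above (plain arrays and scalars); if anything else
					// can write search_array, this needs a format that cannot instantiate objects.
					$search_data = unserialize($row['search_array']);
					for ($i = 0; $i < count($store_vars); $i++) {
						${$store_vars[$i]} = $search_data[$store_vars[$i]];
					}

					// The id list goes straight into an IN (...) clause: force every entry back to an integer.
					if ($search_results != '') {
						$search_results = implode(', ', array_map('intval', explode(',', (string) $search_results)));
					}
				}
			}
		}

		if ($search_results != '') {
			$sql = "SELECT f1.*, AVG(r.rate_point) AS rating, COUNT(r.votes_file) AS total_votes, u.user_id, u.username, u.user_active, u.user_color, c.cat_id, c.cat_name, COUNT(cm.comments_id) AS total_comments\n\t\t\t\t\tFROM (" . PA_FILES_TABLE . " AS f1, " . PA_CATEGORY_TABLE . " AS c)\n\t\t\t\t\t\tLEFT JOIN " . PA_VOTES_TABLE . " AS r ON f1.file_id = r.votes_file\n\t\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON f1.user_id = u.user_id\n\t\t\t\t\t\tLEFT JOIN " . PA_COMMENTS_TABLE . " AS cm ON f1.file_id = cm.file_id\n\t\t\t\t\tWHERE f1.file_id IN ({$search_results})\n\t\t\t\t\tAND c.cat_id = f1.file_catid\n\t\t\t\t\tAND f1.file_approved = '1'\n\t\t\t\t\tGROUP BY f1.file_id\n\t\t\t\t\tORDER BY {$sort_method} {$sort_order}\n\t\t\t\t\tLIMIT {$limit_sql}";
			$result = $db->sql_query($sql);

			$searchset = array();
			while ($row = $db->sql_fetchrow($result)) {
				$searchset[] = $row;
			}
			$db->sql_freeresult($result);

			$l_search_matches = $total_match_count == 1
				? sprintf($lang['Found_search_match'], $total_match_count)
				: sprintf($lang['Found_search_matches'], $total_match_count);

			$template->assign_vars(array('L_SEARCH_MATCHES' => $l_search_matches));

			for ($i = 0; $i < count($searchset); $i++) {
				$cat_url = append_sid('dload.' . PHP_EXT . '?action=category&cat_id=' . $searchset[$i]['cat_id']);
				$file_url = append_sid('dload.' . PHP_EXT . '?action=file&file_id=' . $searchset[$i]['file_id']);

				// Format the date for the given file
				$date = create_date_ip($config['default_dateformat'], $searchset[$i]['file_time'], $config['board_timezone']);

				// Get rating for the file and format it
				$rating2 = $searchset[$i]['rating'] != 0 ? sprintf("%.1f", round($searchset[$i]['rating'], 0) / 2) : '0.0';

				// If the file is new then put a new image in front of it
				$is_new = false;
				if (time() - $pafiledb_config['settings_newdays'] * 24 * 60 * 60 < $searchset[$i]['file_time']) {
					$is_new = true;
				}
				$xs_new = $is_new ? '-new' : '';

				// Get the post icon for this file
				if ($searchset[$i]['file_pin'] != FILE_PINNED) {
					if ($searchset[$i]['file_posticon'] == 'none' || $searchset[$i]['file_posticon'] == 'none.gif') {
						$posticon = '<img src="' . IP_ROOT_PATH . FILES_ICONS_DIR . 'default.png" alt="" />';
					} else {
						$posticon = '<img src="' . FILES_ICONS_DIR . $searchset[$i]['file_posticon'] . '" alt="" />';
					}
				} else {
					$posticon = '<img src="' . $images['forum_link'] . '" alt="" />';
				}

				$poster = $searchset[$i]['user_id'] == ANONYMOUS
					? $lang['Guest']
					: colorize_username($searchset[$i]['user_id'], $searchset[$i]['username'], $searchset[$i]['user_color'], $searchset[$i]['user_active']);

				// NOTE(review): cat_name, file_name, file_desc and file_posticon are handed to the
				// template exactly as stored; presumably they are HTML-escaped when written or by
				// the template — confirm.
				$template->assign_block_vars('searchresults', array(
					'CAT_NAME' => $searchset[$i]['cat_name'],
					'FILE_NEW_IMAGE' => $images['pa_file_new'],
					'PIN_IMAGE' => $posticon,
					'L_HOME' => $lang['Home'],
					'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone'])),
					'XS_NEW' => $xs_new,
					'IS_NEW_FILE' => $is_new,
					'FILE_NAME' => $searchset[$i]['file_name'],
					'FILE_DESC' => $searchset[$i]['file_desc'],
					'FILE_SUBMITER' => $poster,
					'DATE' => $date,
					'RATING' => $rating2,
					'DOWNLOADS' => $searchset[$i]['file_dls'],
					'U_FILE' => $file_url,
					'U_CAT' => $cat_url,
				));
			}

			$base_url = append_sid('dload.' . PHP_EXT . '?action=search&search_id=' . $search_id);

			$template->assign_vars(array(
				'PAGINATION' => generate_pagination($base_url, $total_match_count, $pafiledb_config['settings_file_page'], $start),
				'PAGE_NUMBER' => sprintf($lang['Page_of'], floor($start / $pafiledb_config['settings_file_page']) + 1, ceil($total_match_count / $pafiledb_config['settings_file_page'])),
				'DOWNLOAD' => $pafiledb_config['settings_dbname'],
				'L_HOME' => $lang['Home'],
				'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
				'U_DOWNLOAD' => append_sid('dload.' . PHP_EXT),
				'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone'])),
				'XS_NEW' => $xs_new,
				'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
				'L_RATE' => $lang['DlRating'],
				'L_DOWNLOADS' => $lang['Dls'],
				'L_DATE' => $lang['Date'],
				'L_NAME' => $lang['Name'],
				'L_FILE' => $lang['File'],
				'L_SUBMITER' => $lang['Submiter'],
				'L_CATEGORY' => $lang['Category'],
				'L_NEW_FILE' => $lang['New_file'],
			));

			$this->display($lang['Download'], 'pa_search_result.tpl');
		} else {
			message_die(GENERAL_MESSAGE, $lang['No_search_match']);
		}
	}

	if (!isset($_POST['submit']) || $search_author == '' && $search_keywords == '' && !$search_id) {
		$dropmenu = $this->jumpmenu_option();

		$template->assign_vars(array(
			'S_SEARCH_ACTION' => append_sid('dload.php'),
			'S_CAT_MENU' => $dropmenu,
			'DOWNLOAD' => $pafiledb_config['settings_dbname'],
			'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
			'U_DOWNLOAD' => append_sid('dload.' . PHP_EXT),
			'L_HOME' => $lang['Home'],
			'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone'])),
			'XS_NEW' => $xs_new,
			'L_YES' => $lang['Yes'],
			'L_NO' => $lang['No'],
			'L_SEARCH_OPTIONS' => $lang['Search_options'],
			'L_SEARCH_KEYWORDS' => $lang['Search_keywords'],
			'L_SEARCH_KEYWORDS_EXPLAIN' => $lang['Search_keywords_explain'],
			'L_SEARCH_AUTHOR' => $lang['Search_author'],
			'L_SEARCH_AUTHOR_EXPLAIN' => $lang['Search_author_explain'],
			'L_SEARCH_ANY_TERMS' => $lang['Search_for_any'],
			'L_SEARCH_ALL_TERMS' => $lang['Search_for_all'],
			'L_INCLUDE_COMMENTS' => $lang['Include_comments'],
			'L_SORT_BY' => $lang['Select_sort_method'],
			'L_SORT_DIR' => $lang['Order'],
			'L_SORT_ASCENDING' => $lang['Sort_Ascending'],
			'L_SORT_DESCENDING' => $lang['Sort_Descending'],
			'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
			'L_RATING' => $lang['DlRating'],
			'L_DOWNLOADS' => $lang['Dls'],
			'L_DATE' => $lang['Date'],
			'L_NAME' => $lang['Name'],
			'L_UPDATE_TIME' => $lang['Update_time'],
			'L_SEARCH' => $lang['Search'],
			'L_SEARCH_FOR' => $lang['Search_for'],
			'L_ALL' => $lang['All'],
			'L_CHOOSE_CAT' => $lang['Choose_cat'],
		));

		$this->display($lang['Download'], 'pa_search_body.tpl');
	}
}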
$show_results = 'posts'; $sort_by = 0; $sort_dir = 'DESC'; } else { //$search_author = str_replace('*', '%', trim($db->sql_escape($search_author))); $search_author = str_replace('*', '%', trim($db->sql_escape(utf8_clean_string($search_author)))); if(!$only_bluecards && (strpos($search_author, '%') !== false) && (strlen(str_replace('%', '', $search_author)) < $config['search_min_chars'])) { $search_author = ''; message_die(GENERAL_MESSAGE, sprintf($lang['SEARCH_MIN_CHARS'], $config['search_min_chars'])); } $sql = get_users_sql($search_author, true, false, false, false); $result = $db->sql_query($sql); $matching_userids = ''; if ($row = $db->sql_fetchrow($result)) { do { $matching_userids .= (($matching_userids != '') ? ', ' : '') . $row['user_id']; } while($row = $db->sql_fetchrow($result)); } else { message_die(GENERAL_MESSAGE, $lang['No_search_match']); }
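/**
 * Re-attribute a post to another user and adjust the dependent data.
 *
 * Looks the new poster up by name through get_users_sql(), sets poster_id on the post
 * (clearing post_username), updates topic_poster when the post is the first post of a
 * topic and, when the post's forum counts posts, adds one post to the new poster,
 * removes one from the old poster and re-runs autogroup() for both (guests excluded).
 *
 * Security notes:
 *  - $post_id was concatenated into four statements as received. It is now cast to an
 *    integer once, so the statement shape no longer depends on every caller validating it.
 *  - This method performs no authorization check of its own: the founder-only guard below
 *    is commented out. Callers must verify that the acting user may re-attribute posts.
 *
 * @param int|string $post_id     id of the post to re-attribute
 * @param string     $poster_name username of the new poster
 * @return bool false when no user matches $poster_name; true otherwise (also when no post
 *              row matches $post_id, in which case the UPDATE simply affects nothing)
 */
function post_change_poster($post_id, $poster_name)
{
	global $db, $user;

	/*
	$founder_id = (defined('FOUNDER_ID') ? FOUNDER_ID : get_founder_id());
	if ($user->data['user_id'] != $founder_id)
	{
		return false;
	}
	*/

	// Ids are integers; force that before any of them is placed in SQL.
	$post_id = (int) $post_id;

	$sql = get_users_sql($poster_name, false, false, true, false);
	$result = $db->sql_query($sql);
	if (!($row = $db->sql_fetchrow($result))) {
		$db->sql_freeresult($result);
		return false;
	}
	$poster_id = (int) $row['user_id'];
	$db->sql_freeresult($result);

	// Is this the first post of its topic? Then the topic starter must follow.
	$is_first_post = false;
	$topic_id = 0;
	$sql = "SELECT topic_id\n\t\t\tFROM " . TOPICS_TABLE . "\n\t\t\tWHERE topic_first_post_id = '" . $post_id . "'\n\t\t\tLIMIT 1";
	$result = $db->sql_query($sql);
	if ($row = $db->sql_fetchrow($result)) {
		$is_first_post = true;
		$topic_id = (int) $row['topic_id'];
	}
	$db->sql_freeresult($result);

	// Current owner of the post and whether its forum counts posts at all.
	$is_post_count = false;
	$old_poster_id = ANONYMOUS;
	$sql = "SELECT p.forum_id, p.poster_id, p.post_username, f.forum_postcount\n\t\t\tFROM " . POSTS_TABLE . " p, " . FORUMS_TABLE . " f\n\t\t\tWHERE p.post_id = '" . $post_id . "'\n\t\t\t\tAND f.forum_id = p.forum_id\n\t\t\tLIMIT 1";
	$result = $db->sql_query($sql);
	if ($row = $db->sql_fetchrow($result)) {
		$old_poster_id = $row['poster_id'];
		$is_post_count = $row['forum_postcount'] ? true : false;
	}
	$db->sql_freeresult($result);

	$sql = "UPDATE " . POSTS_TABLE . " SET poster_id = '" . $poster_id . "', post_username = '' WHERE post_id = '" . $post_id . "'";
	$result = $db->sql_query($sql);

	if ($is_first_post) {
		$sql = "UPDATE " . TOPICS_TABLE . " SET topic_poster = '" . $poster_id . "' WHERE topic_id = '" . $topic_id . "'";
		$result = $db->sql_query($sql);
	}

	if ($is_post_count) {
		if ($poster_id != ANONYMOUS) {
			$sql = "UPDATE " . USERS_TABLE . " SET user_posts = (user_posts + 1) WHERE user_id = '" . $poster_id . "'";
			$result = $db->sql_query($sql);
			$this->autogroup($poster_id);
		}

		if ($old_poster_id != ANONYMOUS) {
			$this->user_decrease_postscounter($old_poster_id, 1);
			$this->autogroup($old_poster_id);
		}
	}

	return true;
}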
/**
 * Check whether a requested username may be used.
 *
 * The name is trimmed, runs of whitespace are collapsed to one space and the result is
 * passed through phpbb_clean_username(). It is then rejected when
 *  - a user row returned by get_users_sql() belongs to somebody else (for a logged-in
 *    user, a row carrying their own current username is ignored),
 *  - a group has the same name, compared in lower case,
 *  - it matches an entry of DISALLOW_TABLE or WORDS_TABLE ('*' in an entry is a wildcard),
 *  - it contains anything outside a-z, 0-9, '&', '-', '_' and space, or
 *  - it contains a double quote, chr(160) or chr(173).
 *
 * Every lookup runs with sql_return_on_error(true), so a failing query skips that check
 * instead of aborting the request.
 *
 * @param string $username requested username
 * @return array array('error' => bool, 'error_msg' => string)
 */
function validate_username($username)
{
	global $db, $user, $lang;

	$taken = array('error' => true, 'error_msg' => $lang['Username_taken']);
	$disallowed = array('error' => true, 'error_msg' => $lang['Username_disallowed']);

	// Remove doubled up spaces
	$username = phpbb_clean_username(preg_replace('#\\s+#', ' ', trim($username)));

	// 1) Existing users
	$sql = get_users_sql($username, false, false, true, false);
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if ($result) {
		while ($row = $db->sql_fetchrow($result)) {
			// A guest conflicts with any hit; a member only with a name that is not their own.
			if (!$user->data['session_logged_in'] || $row['username'] != $user->data['username']) {
				$db->sql_freeresult($result);
				return $taken;
			}
		}
	}
	$db->sql_freeresult($result);

	// 2) Group names
	$sql = "SELECT group_name\n\t\tFROM " . GROUPS_TABLE . "\n\t\tWHERE LOWER(group_name) = '" . $db->sql_escape(strtolower($username)) . "'";
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if ($result && ($row = $db->sql_fetchrow($result))) {
		$db->sql_freeresult($result);
		return $taken;
	}
	$db->sql_freeresult($result);

	// 3) Disallowed names: each entry is quoted for PCRE first, then its '*' becomes a lazy wildcard
	$sql = "SELECT disallow_username\n\t\tFROM " . DISALLOW_TABLE;
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if ($result) {
		while ($row = $db->sql_fetchrow($result)) {
			$pattern = "#\\b(" . str_replace("\\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\\b#i";
			if (preg_match($pattern, $username)) {
				$db->sql_freeresult($result);
				return $disallowed;
			}
		}
	}
	$db->sql_freeresult($result);

	// 4) Censored words, matched the same way
	$sql = "SELECT word\n\t\tFROM " . WORDS_TABLE;
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if ($result) {
		while ($row = $db->sql_fetchrow($result)) {
			$pattern = "#\\b(" . str_replace("\\*", ".*?", preg_quote($row['word'], '#')) . ")\\b#i";
			if (preg_match($pattern, $username)) {
				$db->sql_freeresult($result);
				return $disallowed;
			}
		}
	}
	$db->sql_freeresult($result);

	// 5) Character whitelist
	if (!preg_match("/^[a-z0-9&\\-_ ]+\$/i", $username)) {
		return array('error' => true, 'error_msg' => $lang['Forbidden_characters']);
	}

	// Disallow " and ALT-255 in username.
	// NOTE(review): the double quote is listed twice, exactly as in the code this replaces; one
	// of the two may originally have been an entity-encoded quote — confirm against upstream.
	foreach (array('"', '"', chr(160), chr(173)) as $forbidden) {
		if (strstr($username, $forbidden)) {
			return array('error' => true, 'error_msg' => $lang['Username_invalid']);
		}
	}

	return array('error' => false, 'error_msg' => '');
}
} else { $_varary = $_POST['pending_members']; } $_data = ''; for ($i = 0; $i < sizeof($_varary); $i++) { $_data .= ($_data != '' ? ', ' : '') . intval($_varary[$i]); } $content .= '[Group Edit: ' . $_tmp1 . ' ==> ' . $_data . ']'; if ($db_log_actions == true) { $db_log = array('action' => 'GROUP_EDIT', 'desc' => $_tmp1, 'target' => $_data); } $update_log = true; } elseif (isset($_POST['add']) && isset($_POST['username'])) { $content .= '[Group Add: ' . $_tmp1 . ' ==> ' . $_POST['username'] . ']'; if ($db_log_actions == true) { $sql = get_users_sql(phpbb_clean_username($_POST['username']), false, false, true, true); $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $db_log = array('action' => 'GROUP_ADD', 'desc' => $_tmp1, 'target' => $user_row['user_id']); } $update_log = true; } elseif (isset($_POST['groupstatus']) && isset($_POST['group_type'])) { $content .= '[Group Type: ' . $_tmp1 . ' ==> ' . intval($_POST['group_type']) . ']'; if ($db_log_actions == true) { $db_log = array('action' => 'GROUP_TYPE', 'desc' => $_tmp1 . ';' . intval($_POST['group_type']), 'target' => ''); } $update_log = true; } } break;
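/**
 * Build and run the attachment search from the submitted filter fields.
 *
 * Each name in $search_vars is read with request_var() into a local variable of the same
 * name; every non-empty filter adds one condition to the WHERE clause.
 *
 * Fix: the loop used ${$search_vars}[$i], which indexes a variable named after the string
 * cast of the array instead of the variable named by element $i, so none of the
 * $search_* locals was ever assigned and every filter was silently ignored.
 *
 * How each value reaches SQL:
 *  - author: cleaned, escaped with $db->sql_escape(), resolved to user ids through
 *    get_users_sql(); the ids are cast with intval() before they enter the IN (...) list.
 *  - file name / comment keywords: escaped with $db->sql_escape() inside quoted LIKE
 *    patterns ('*' becomes '%').
 *  - counts, sizes, days, forum id: cast to int.
 *  - $order_by: appended verbatim. Callers must assemble it from fixed column names and
 *    directions, never from request data.
 *
 * @param string $order_by    SQL fragment appended to the query as is (ORDER BY / LIMIT)
 * @param int    $total_rows  out: number of rows of the same query without $order_by
 * @return array row set as returned by $db->sql_fetchrowset(); the request ends through
 *               message_die() when nothing matches
 */
function search_attachments($order_by, &$total_rows)
{
	global $db, $lang;

	$where_sql = array();

	// Get submitted Vars
	$search_vars = array('search_keyword_fname', 'search_keyword_comment', 'search_author', 'search_size_smaller', 'search_size_greater', 'search_count_smaller', 'search_count_greater', 'search_days_greater', 'search_forum', 'search_cat');

	// The variable names come from the fixed list above, never from the request.
	foreach ($search_vars as $var_name) {
		${$var_name} = request_var($var_name, '');
	}

	// Author name search
	if ($search_author != '') {
		// Bring in line with 2.0.x expected username
		$search_author = addslashes(html_entity_decode($search_author));
		$search_author = stripslashes(phpbb_clean_username($search_author));

		// Prepare for directly going into sql query
		$search_author = str_replace('*', '%', $db->sql_escape(utf8_clean_string($search_author)));

		// We need the post_id's, because we want to query the Attachment Table
		$sql = get_users_sql($search_author, true, false, false, false);
		$result = $db->sql_query($sql);

		$matching_userids = '';
		if ($row = $db->sql_fetchrow($result)) {
			do {
				$matching_userids .= ($matching_userids != '' ? ', ' : '') . intval($row['user_id']);
			} while ($row = $db->sql_fetchrow($result));
			$db->sql_freeresult($result);
		} else {
			message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
		}

		$where_sql[] = ' (t.user_id_1 IN (' . $matching_userids . ')) ';
	}

	// Search Keyword
	if ($search_keyword_fname != '') {
		$match_word = str_replace('*', '%', $search_keyword_fname);
		$where_sql[] = " (a.real_filename LIKE '" . $db->sql_escape($match_word) . "') ";
	}

	if ($search_keyword_comment != '') {
		$match_word = str_replace('*', '%', $search_keyword_comment);
		$where_sql[] = " (a.comment LIKE '" . $db->sql_escape($match_word) . "') ";
	}

	// Search Download Count ("smaller" wins when both bounds are given)
	if ($search_count_smaller != '') {
		$where_sql[] = ' (a.download_count < ' . (int) $search_count_smaller . ') ';
	} elseif ($search_count_greater != '') {
		$where_sql[] = ' (a.download_count > ' . (int) $search_count_greater . ') ';
	}

	// Search Filesize ("smaller" wins when both bounds are given)
	if ($search_size_smaller != '') {
		$where_sql[] = ' (a.filesize < ' . (int) $search_size_smaller . ') ';
	} elseif ($search_size_greater != '') {
		$where_sql[] = ' (a.filesize > ' . (int) $search_size_greater . ') ';
	}

	// Search Attachment Time
	if ($search_days_greater != '') {
		$where_sql[] = ' (a.filetime < ' . (time() - (int) $search_days_greater * 86400) . ') ';
	}

	// Search Forum
	if ($search_forum) {
		$where_sql[] = ' (p.forum_id = ' . intval($search_forum) . ') ';
	}

	// Search Cat... nope... sorry :(

	$sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE ';

	if (count($where_sql) > 0) {
		// Every condition carries its own surrounding spaces, so a bare 'AND' is enough.
		$sql .= implode('AND', $where_sql) . ' AND ';
	}

	$sql .= 't.post_id = p.post_id AND a.attach_id = t.attach_id ';

	// The same statement without $order_by is re-run below to count all matches.
	$total_rows_sql = $sql;

	$sql .= $order_by;

	$result = $db->sql_query($sql);
	$attachments = $db->sql_fetchrowset($result);
	$num_attach = $db->sql_numrows($result);
	$db->sql_freeresult($result);

	if ($num_attach == 0) {
		message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
	}

	$result = $db->sql_query($total_rows_sql);
	$total_rows = $db->sql_numrows($result);
	$db->sql_freeresult($result);

	return $attachments;
}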
include_once(IP_ROOT_PATH . 'includes/users_zebra_block.' . PHP_EXT); make_jumpbox(CMS_PAGE_VIEWFORUM); // New message $post_new_mesg_url = '<a href="' . append_sid(CMS_PAGE_PRIVMSG . '?mode=post') . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" /></a>'; // Search messages $search_sql = ''; $search_userid = 0; $search_subject = ''; $search_text = ''; if($search_type === 'author') { $sql = get_users_sql($search_value, true, false, true, false); $result = $db->sql_query($sql); if($result) { $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if($row !== false) { $search_userid = $row['user_id']; $search_sql = ' AND privmsgs_' . ((($folder === 'inbox') || ($folder === 'savebox')) ? 'from' : 'to') . '_userid = ' . $search_userid . ' '; } } } elseif($search_type === 'subject') { $search_sql = ' AND privmsgs_subject LIKE \'%' . $db->sql_escape($search_value) . '%\' ';
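/**
 * Translate between user ids and usernames, caching the answers for the rest of the request.
 *
 * Modes:
 *  - 'user'           : $id is a user id, returns the username
 *  - 'user_formatted' : $id is a user id, returns the colorize_username() markup
 *  - 'reverse'        : $id is a username, returns the user id (looked up via get_users_sql())
 *
 * Security fix: in the two id modes $id was concatenated into the statement as received
 * (unquoted in 'user', quoted but unescaped in 'user_formatted'). It is now cast to an
 * integer before it is placed in SQL.
 *
 * @param int|string $id   user id, or username in 'reverse' mode
 * @param string     $mode one of 'user', 'user_formatted', 'reverse'
 * @return mixed '?' when $id is empty, false when nothing matches or the mode is unknown,
 *               otherwise the value described for the mode
 */
function id_2_name($id, $mode = 'user')
{
	global $db;

	// Stores names we've already sent a query for
	// Has array sections ['user'], ['user_formatted'] and ['reverse']
	// ['user'][user_id] => username
	// ['user_formatted'][user_id] => formatted username
	// ['reverse'][username] => user_id
	static $nameCache;

	if ($id == '') {
		return '?';
	}

	switch ($mode) {
		case 'user_formatted':
			if (isset($nameCache['user_formatted'][$id])) {
				return $nameCache['user_formatted'][$id];
			}
			$sql = "SELECT user_id, username, username_clean, user_active, user_color FROM " . USERS_TABLE . " WHERE user_id = '" . (int) $id . "'";
			break;

		case 'user':
			if (isset($nameCache['user'][$id])) {
				return $nameCache['user'][$id];
			}
			$sql = "SELECT user_id, username, username_clean, user_active, user_color FROM " . USERS_TABLE . " WHERE user_id = " . (int) $id;
			break;

		case 'reverse':
			if (isset($nameCache['reverse'][$id])) {
				return $nameCache['reverse'][$id];
			}
			$sql = get_users_sql($id, false, false, true, false);
			break;
	}

	// An unknown mode leaves $sql unset and falls through to "not found".
	if (empty($sql)) {
		return false;
	}

	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (empty($row['user_id'])) {
		return false;
	}

	// Compile cache: one lookup fills all three sections.
	$formatted_username = colorize_username($row['user_id'], $row['username'], $row['user_color'], $row['user_active']);
	$nameCache['user'][$row['user_id']] = $row['username'];
	$nameCache['user_formatted'][$row['user_id']] = $formatted_username;
	$nameCache['reverse'][$row['username']] = $row['user_id'];

	switch ($mode) {
		case 'user_formatted':
			return $formatted_username;

		case 'user':
			return $row['username'];

		case 'reverse':
			return $row['user_id'];
	}

	return false;
}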